John Crupi

About a year and a half ago JackBe issued a warning, ‘DIY Ajax = DOA Ajax’, that said writing your own AJAX widgets was dangerous to your health and your career. Today, with over a hundred open source and commercial AJAX toolkits and frameworks, we can safely say we were right.

As you might expect, early indications are that developers are writing (or, at least, trying to write) their own enterprise mashups following the same pattern as the do-it-yourself AJAX developers. Now that JackBe has been providing enterprise mashup solutions for the last year, we want to issue a new warning: Don’t Write your own Enterprise Mashups!

In the interest of full disclosure, I should take a moment to remind you, JackBe is an Enterprise Mashup company that offers an enterprise mashup platform called Presto. More to the point, Presto has provided us with a nice portfolio of customers that see the value in enterprise mashups. And, more importantly, thought they’d be crazy to write their own enterprise mashup platform. That’s not a boast (or, at least, it’s not intended to be) but just the background from which we issue our warning.

And from this experience, we’ve developed a simple but powerful formula to help classify enterprise mashup functionality. We’ve found that it can help even laymen more effectively understand, plan, execute, and even evaluate an enterprise mashup solution for completeness. We call this the C5 Enterprise Mashup Framework.

C5 is a simple, nicely-organized capabilities checklist which defines the elements necessary to be a complete enterprise mashup platform. If an enterprise mashup software platform satisfies the 5Cs, it will likely save you hundreds if not thousands of man-hours getting your enterprise mashups to execute in a scalable and secure manner.

Because mashups are user driven, the C5 Framework highlights four user actions centered around one core security concept. The four user actions (C’s) are consume, create, customize and collaborate. The fifth “C” is a core security concept we call confidence that encapsulates enterprise security, reliability and governance requirements. The 5Cs fully defined would be:

• Consume:  A user must be able to consume public and private services on demand. The minimum set of consumable SOA-style services includes: WSDL, REST, RSS and Databases.

• Create: A user must be able to create new mashups made up of consumed services and previously created mashups, preferably in a visual editor.

• Customize: A user must be able to customize (filter, for example) existing mashups and create variants which themselves become mashups. Versioning of mashups is also preferred.

• Collaborate: A user must be able to publish and share their mashups publicly and privately, also providing opinions/rating/comments on services and mashups to peers.

• Confidence: All consumption, creation, customization and collaboration must occur in a secured and governed environment that delivers enterprise-grade security (i.e. integrating with single sign-on systems), reliability, and enterprise monitoring/governance systems.

The fifth “C”, Confidence, is what truly differentiates consumer mashups from enterprise mashups. Confidence is the security and governance infrastructure established by IT that must be followed by the mashup user, even if they are doing their own mashing. (Some might call this 5th C ‘Compliance.’) Business users need the same freedom as consumer-type users but must have the confidence that their organization’s trust, security and governance requirements are met.

There you have it, the C5 Enterprise Mashup Framework. A simple, powerful and effective way to checklist software vendors to determine if they in fact provide a complete Enterprise Mashup Platform. It is not a great stretch to say that the 5Cs would be difficult, at best, to create from scratch. Don't do it yourself. Equally important, make sure you have a checklist like the C5 Framework to help separate the players from the wannabes.